Behind the Scenes: The Industry of Social Media Manipulation Driven by Malware

Presented at Black Hat USA 2019, Aug. 7, 2019, 11:15 a.m. (50 minutes)

This talk is the 'grand finale' of a four-year long investigation that started with analyzing an IoT botnet, and led to discovering the structured industry that exists behind social media manipulation (SMM). SMM is the deliberate act of paying for popularity with followers or activity on social media. Adopting a bottom-up approach, the thorough methodology undertook to study the botnet will be presented: from building honeypots, infecting them with malware and conducting a man-in-the-middle-attack on the honeypots' traffic to access the decrypted HTTPS content between the C&Cs and social networks. Then, the various investigative paths taken to analyze this large data set, leading to the discovery of many industry actors involved in the supply chain of social media manipulation, will be presented. These investigative paths include traffic analysis, various OSINT approaches to reveal and understand actors, reverse-engineering the software that automates the use and creation of fake accounts, forum investigations, and qualitative profiling. All actors involved in the industry will be mapped, from malware authors, to reseller panels, and customers of fake popularity. The potential profitability of the industry will then be discussed, as well as the revenue division in the supply chain, demonstrating that the ones making the highest revenue per fake follower sold are not the malware authors, but rather those at the end of the chain. Different approaches to disrupt social media manipulation will also be discussed, giving practical insights for cybersecurity professionals, law enforcement agencies, and policy makers willing to curb this illicit industry.


  • Olivier Bilodeau - Cybersecurity Research Director, GoSecure
    Olivier Bilodeau is leading the Cybersecurity Research team at GoSecure. With more than 10 years of infosec experience, he enjoys attracting malware in honeypots, writing tools for malware research, reverse-engineering all-the-things and vulnerability research. Passionate communicator, Olivier has spoken at several conferences like Black Hat Europe, Defcon, Botconf, SecTor, Derbycon, HackFest and many more. Invested in his community, he co-organizes Montr√©Hack,‚ÄČa monthly workshop focused on applied information security, and NorthSec, Montreal's community conference and Capture-The-Flag.
  • Masarah Paquet-Clouston - Security Researcher, GoSecure
    Masarah Paquet-Clouston is a security researcher at GoSecure, a PhD student at Simon Fraser University in criminology and one of Canada's decorated 150 scientific innovators. With her background in economics and criminology, she specializes in the study of markets behind illicit online activities. She published in several peer-reviewed journals, such as Social Networks, Global Crime and the International Journal for the Study of Drug Policy, and presented at various international conferences including Virus Bulletin, Black Hat Europe, Botconf and the American Society of Criminology.


Similar Presentations: